> Rather, to audit the Intel RNG, the first thing to do is to run statistical tests on the input to SHA-1. Ideally, you'd like to do this before the von Neumann stage, but since the von Neumann compensator is in hardware, that's not possible. Fortunately, you can do the auditing on the output of the von Neumann stage, and this is almost as good. Because the von Neumann filter does only very light conditioning, any flaws in the input to the von Neumann stage are likely to be apparent after the output stage as well, if you have a large number of samples.

This argument assumes you have knowledge of the inner workings of this step. To the best of my knowledge no one outside of Intel has cracked open this chip and actually tested that this black box _does what it says it's doing_. This is what is meant by auditing.

Randomness tests like DIEHARD are absolutely useless for anything other than telling you the spectral uniformity of a source, which is no indication as to whether it's deterministic or not.

What right-thinking paranoid would place any faith in an analysis with an Intel copyright? This is practically marketing fluff anyway.

> Of course, there are no guarantees. But let's look at the alternatives. If you pick software-based noise sources, there's always the risk that they may fail to produce useful entropy. (For instance, you sample the soundcard, but 5% of machines have no soundcard and hence give no entropy, or 5% of the time you get back stuff highly correlated to 60Hz AC.) The risk that a software-based noise source fails seems much higher than the risk that the Intel RNG has a backdoor.

But we can actually audit the former and decide whether to trust it. For the Intel part, we only have faith. If you're one of the numerous governments that's bought crypto solutions from respectable corporations for your diplomatic communications that later turned out to be backdoored, that faith doesn't have much currency. See Lotus Notes and Crypto AG for two of the more notorious cases.
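
An added illustration of the statistical-testing question argued in this exchange, not part of either poster's message and not Intel's design: it runs the frequency (monobit) and runs tests from NIST SP 800-22 over a biased source, the same source after a von Neumann corrector, and a fully deterministic SHA-1 counter stream. The 70% bias, the seed string, the sample size and all function names are constructed for the example.

```python
import hashlib
import math
import random

def sha1_counter_bits(seed, nbits):
    """Fully deterministic stream: bits of SHA-1(seed || counter)."""
    out, counter = [], 0
    while len(out) < nbits:
        digest = hashlib.sha1(seed + counter.to_bytes(8, "big")).digest()
        out.extend((byte >> shift) & 1 for byte in digest for shift in range(7, -1, -1))
        counter += 1
    return out[:nbits]

def von_neumann(bits):
    """Von Neumann corrector: pair 01 -> 0, pair 10 -> 1, 00 and 11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def monobit_p(bits):
    """Frequency (monobit) test p-value as defined in NIST SP 800-22."""
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """Runs test p-value as defined in NIST SP 800-22 (bias precheck omitted)."""
    n = len(bits)
    pi = sum(bits) / n
    runs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(runs - 2 * n * pi * (1 - pi)) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def audit(bits):
    return {"n": len(bits), "monobit_p": monobit_p(bits), "runs_p": runs_p(bits)}

def demo(nbits=100_000):
    rng = random.Random(1)  # constructed stand-in for a biased noise source
    raw = [1 if rng.random() < 0.7 else 0 for _ in range(nbits)]
    return {
        "biased raw": audit(raw),
        "after von Neumann": audit(von_neumann(raw)),
        "SHA-1(counter), deterministic": audit(sha1_counter_bits(b"constructed-seed", nbits)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:32s} {result}")
```

The p-values measure only bit balance and run structure; the third stream is reproducible by anyone who knows the seed, which these two tests do not see.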